14 matches found
Debian: Security Advisory (DLA-2996-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2996-1] mruby security update
Debian LTS Advisory DLA-2996-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 06, 2022 https://wiki.debian.org/LTS ...
Moderate: Red Hat Security Advisory: Red Hat Ansible Tower 3.7.2-1 - RHEL7 Container
Red Hat Ansible Tower 3.7.2-1 - RHEL7 Container. Updated Named URLs to allow for testing the presence or absence of objects (CVE-2020-14337). Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327). Fixed Tower Server Side Request Forgery on Webhooks (CVE-2020-14328). Fixed Tower sensitive...
CVE-2020-14337
CVE-2020-14337 affects Ansible Tower/Tower, where a data exposure flaw allows an unauthenticated, remote attacker to glean data by error results. Reports describe that HTTP error responses can reveal pages from the default organization and verification of usernames. The issue is associated with T...
CVE-2019-14337
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the /bin/sh -c wget sequence...
CVE-2019-14337
CVE-2019-14337 affects D-Link 6600-AP and DWL-3600AP devices running firmware 4.2.0.14 (Ax). The issue enables escaping the restricted command-line interface to a shell, demonstrated by the /bin/sh -c wget sequence. Documented references include NVD (CVSS2/3.1), Red Hat and CNVD entries, and thir...
D-Link 6600-AP XSS / DoS / Information Disclosure
Security Advisory - 22/07/2019. Multiple vulnerabilities found in the D-Link 6600-AP device running the latest firmware version 4.2.0.14. D-Link 6600-AP is not produced anymore but the support is still provided by D-Link as described on the D-Link website. Note that this product is built for...
UBUNTU-CVE-2018-14337
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length...
CVE-2018-14337
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length...
CVE-2018-14337
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length...
CVE-2018-14337
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length...
CVE-2018-14337
The CVE-2018-14337 issue affects mruby 1.4.1 where the CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c can overflow a signed integer, potentially causing out-of-bounds memory access because mrb_str_resize does not check for a negative length. This is documented across multiple connected source...
CVE-2017-14337
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access ...
CVE-2017-14337
CVE-2017-14337 affects MISP prior to 2.4.80. When CertAuth via X.509 is used together with a non-MISP external user management REST API, and that API returns an empty value for an external user, an unauthenticated user can be granted access as an arbitrary user. Evidence across connected records ...